Talks

Pros V Joes CTF

Audience:

Students and professionals who want to learn the details of computer compromise through hands on experience in a live combat scenario.

Speaker(s): Eric Arnoth

Description:

The Pros vs Joes CTF is a live combat Capture The Flag event. The Pros are Information Security professionals or people advanced in their knowledge of securing / compromising computers and networks. These professionals will help the Joes to improve their skills over the course of two days of attack and defend. On the first day, teams of Joes, each captained by a Pro, protect their network from the Red Cell. On the second day, the Red Cell dissolves and joins the Joe teams, which then attack each other.

The game is completely virtual; players only need to bring a laptop for connecting to the gaming environment via the Internet. Laptops will NOT be in the line of fire.

At the end of each day, there will be a debrief to reveal how compromises occurred, with discussion for how to better defend.


Physical Penetration Testing (Low tech or no tech)

Audience:

Introductory level through active testers.

Speaker(s): Keith Pachulski – @sec0ps

Description:

This presentation will be a complete walk-through of how to perform physical security penetration tests. This is NOT a lock-picking class. We will cover the common tools used to gain access to target facilities and will include videos from real-world testing.

– Onsite and remote advance work
– Penetration of the external barriers
– Penetrating the facility
– Penetrating the people
– Deploying boxes on the network for access

Common issues that testers run into will also be discussed, such as personal psychological issues (insertion mentality), manipulating people efficiently and quickly, and learning to STFU.


Raspberry Pi, Kismet, and PCI 11.1

Audience:

Anyone that needs to be PCI compliant. Little or no experience is required; attendees can easily implement this solution while gaining some basic Linux and Raspberry Pi experience.

Speaker(s): Bob Hewitt

Description:

PCI 11.1 requires testing for the presence of wireless access points (802.11) and detecting and identifying all authorized and unauthorized wireless access points on a quarterly basis. Learn how to use a Raspberry Pi along with Kismet to comply with this requirement by identifying new wireless access points on a continuous basis, for a fraction of the cost of commercial products. This is an easy project for anyone that needs to be PCI compliant, regardless of their experience level.
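The core of the continuous check described above is a comparison of what the scanner sees against an inventory of authorized access points. The following Python is an added example, not code from the talk or from the Kismet project: it assumes a simplified three-column CSV (bssid, ssid, channel) standing in for a Kismet export (real Kismet column layouts vary by version), a constructed authorized-AP inventory, and constructed sample scan rows. It flags unknown BSSIDs, flags unauthorized BSSIDs that advertise one of your own SSIDs, and reports BSSIDs that are new since a previous scan.

```python
"""Added example: classify observed 802.11 access points against an authorized
inventory, the comparison behind a PCI DSS 11.1 rogue-AP check.

The CSV layout below is a constructed simplification standing in for a Kismet
export; adjust parse_observed() to the columns your Kismet version emits."""
import csv
import io

# Constructed authorized-AP inventory keyed by BSSID (an assumption for the example).
AUTHORIZED = {
    "00:11:22:33:44:55": "CORP-WIFI",
    "00:11:22:33:44:66": "CORP-GUEST",
}

# Constructed sample scan in the simplified layout: bssid,ssid,channel.
OBSERVED_CSV = """bssid,ssid,channel
00:11:22:33:44:55,CORP-WIFI,6
00:11:22:33:44:66,CORP-GUEST,11
de:ad:be:ef:00:01,CORP-WIFI,6
aa:bb:cc:dd:ee:ff,Linksys,1
"""


def parse_observed(csv_text):
    """Parse the simplified CSV into dicts with lower-cased BSSIDs."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows.append({
            "bssid": row["bssid"].strip().lower(),
            "ssid": row["ssid"].strip(),
            "channel": int(row["channel"]),
        })
    return rows


def classify(observed, authorized):
    """Split observed APs into three buckets:
    authorized   - BSSID is in the inventory
    spoofed_ssid - BSSID is not in the inventory but advertises one of our SSIDs
    unknown      - neither (a neighbour, a hotspot, or a rogue AP to investigate)"""
    authorized = {k.lower(): v for k, v in authorized.items()}
    known_ssids = set(authorized.values())
    result = {"authorized": [], "spoofed_ssid": [], "unknown": []}
    for ap in observed:
        if ap["bssid"] in authorized:
            result["authorized"].append(ap["bssid"])
        elif ap["ssid"] in known_ssids:
            result["spoofed_ssid"].append(ap["bssid"])
        else:
            result["unknown"].append(ap["bssid"])
    return result


def new_since(previous_bssids, current_bssids):
    """BSSIDs present in the current scan but absent from the previous one;
    this is what a continuous monitor alerts on between quarterly reviews."""
    return sorted(set(current_bssids) - set(previous_bssids))


if __name__ == "__main__":
    observed = parse_observed(OBSERVED_CSV)
    report = classify(observed, AUTHORIZED)
    for bucket, bssids in report.items():
        print(f"{bucket:13s} {bssids}")
    # Simulate a follow-up scan in which one unauthorized AP is new.
    baseline = [ap["bssid"] for ap in observed[:3]]
    current = [ap["bssid"] for ap in observed]
    print("new since baseline:", new_since(baseline, current))
```

Whitelisting on BSSID rather than SSID is the point of the spoofed_ssid bucket: an attacker-controlled AP can copy your SSID freely, so the inventory has to be keyed on the hardware address that Kismet reports.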


OSINT for Fun & Games

Audience:

Anyone unfamiliar with OSINT.

Speaker(s): Brian Martin of Liticode

Description:

Open Source Intelligence (OSINT) is material garnered from publicly available resources and assembled into useful information for an intelligence apparatus. This can be governmental, political, commercial, or personal. This introductory field overview encompasses the origins, the foundational readings, the resources, and real-world examples of the information in question. There is real demand, in both the government and commercial space, for people who are able to acquire, distill, and/or assemble OSINT into useful materials for political or commercial gain.


Startup Village

Audience:

Everyone interested in Tech and Business.

Speaker(s): Joshua Marpet – @quadling

Description:

Tech people are valued in the industry. We’re in one of the few negative unemployment industries that there is. But we want more. We want control of our own destiny! How do we do that? Start your own company! Ok, how do I do that? Should I do that? Why would I do that? Oh god, it’s scary!! How do I raise money? Who do I talk to??? We’re going to bring the people in to talk to. They want to meet you. You want to meet them. It’s a match made in heaven!


Kids – Learn to Bypass Parental Controls!

Audience:

Everyone – talk is geared to kids and concerned parents

Speaker(s): Walt Berstler – @kingofbigwheels

Description:

Unable to install your own mobile apps? Blocked from surfing the Internet? Is your DVR locked down with Parental Controls? Learn how to bypass those controls – and not get caught. Your parents have been finding ways around restrictions for years – in fact, some of them get paid to do it! Now it’s your turn.


A Brief History of the Information Security Industry

Audience:

Anyone new to the Industry

Speaker(s): Space Rogue – @spacerog

Description:

An introduction and overview of the Information Security Industry as it is today and how it got there, from an industry veteran. The focus is on the companies and their related technology that created the industry. This talk starts with information security in general, from the creation of the first locks circa 1000 BC, through the development of the Internet, encryption, anti-virus, firewalls, etc., and the companies that created them, such as RSA, DEC, Checkpoint and others. The focus is on the companies and the market forces that shaped them. This look at history and the present day is then extrapolated to attempt a look into the near future and what might be coming. This talk is recommended for anyone who is new to the industry or anyone who wants to understand where we came from and where we might be heading.


How to Recruit Purple Squirrels, Pink Unicorns and other Mythical Security Creatures. Or If You Are a Pink Unicorn, How Best to Work with Recruiters

Audience:

Everyone who wants to better understand how to recruit and/or find a job in the security field.

Speaker(s): Kathleen Smith – @YesItsKathleen

Description:

Recruiters and job seekers are at odds in the battle for better candidates and jobs. There are horror stories shared in communities, in blogs and on videos about the recruiter who didn’t know one code from another, or tried to recruit the founder of Ruby on Rails to be an admin. So what do we do? After sharing some of the horror stories from both sides, let’s get down to clear tactics that job seekers and recruiters can use to work together. Hear from security recruiters and job seekers how they have handled these situations. This session is for anyone looking to find a new job, hire new employees or understand how recruiting is an important part of any company’s success.
We will be a panel of two great recruiters who “get it” working with security candidates and one security professional who has fun dissecting poor recruiter behavior on Twitter.


Web Hacking 101 Hands-on with Burp Suite

Audience:

Anyone looking to “break into” the web app security field (lame pun intended)

Speaker(s): David Rhoades – @mavensecurity

Description:

A high-energy, demo-laden, caffeine-laced session that will introduce the student to the techniques needed to remotely detect and validate the presence of common vulnerabilities in web-based applications using Burp Suite, the industry’s most popular toolkit. Testing will be conducted from the perspective of the end user (as opposed to a source code audit).

This is a hands-on session. Attendees are encouraged to bring a PC, Mac, or Linux box running either Oracle VirtualBox or VMware Player (both are free). All of the tools and targets used during the session will be available to the attendees in a single virtual machine file.

To prepare, wait until the day before the event, then grab the latest version of the Web Security Dojo from here: https://www.mavensecurity.com/web_security_dojo/

NOTE: It’s best to wait a few days prior to the event to be sure you have the latest version of “the Dojo” since that will be used during the session.

Time permitting, the following topics will be covered:

– Web Primer (HTML, HTTP, Cookies; just the basics)
– Introduction to Burp Suite
– Threat Classification Systems (OWASP Top Ten & WASC Threat Classes)
– Vulnerability Category: A3: Cross-Site Scripting (XSS)
– Vulnerability Category: A4: Insecure Direct Object References
– Vulnerability Category: A1: Injection (SQL, XML entity, etc.)

NOTE: Since the student will have all of the tools and targets in a single virtual machine, they are free to continue learning after the session in the privacy of their own localhost. No network required. The Web Security Dojo includes various PDF walk-through guides for some of the targets.


Wireless Village WCTF

Audience:

We cater to those who are new to this game and those who have been playing for a long time. Each WCTF begins with a presentation on How to WCTF. We also have a resources page on our website that guides participants in their selection of equipment to bring.

Speaker(s): @Wifi_village and @WCTF_US

Description:

The Wireless Village is a group of experts in the areas of information, WiFi, and radio frequency with the common purpose of teaching the exploration of these technologies with a focus on security. We focus on teaching classes on WiFi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag (WCTF) games to promote learning.

The Wireless Village plans to hold a WCTF contest during BSides DE.


How Evil Kirk Uses Maltego

Audience:

Beginner to Intermediate. Should have some knowledge of Maltego.

Speaker(s): Robert McMahon

Description:

How to use Maltego to enumerate information from inside a domain: get domain users, computers, shares, files on remote computers and much more with the click of a button, using a new local transform API for Maltego that allows you to harness the power of .NET. After the talk we will release the API and the transforms mentioned in the presentation.


Padawans – Hacking 101

Audience:

Open to all, but of most benefit to those with a passion… and a laptop with a Kali VM.

Speaker(s): Don Hess

Description:

Learning The Ways of the Force… ing your way into someone’s vulnerable network. Going over the Hacker’s Methodology for the Padawans to understand the Force. Also understand that “With Great Power Comes Great Responsibility” and how not to get into trouble with the Dark Side. Then I would like to demo/workshop an introduction to Armitage (gotta support Raphael) and help mentor those interested in exploring WILMU’s CTF environment. Understand that this is an introduction and “Much to learn, you still have.”

(Seriously Star Wars: Episode VII is around the corner)


Forensics Village

Audience:

Forensic pros, interested amateurs, and newbies that want to get started.

Speaker(s): Jon Lucenius

Description:

This is the first year of a forensic village at BSidesDE! This area will feature an intense forensic contest, two talks, and live forensics conducted against the CTF as opportunities arise.

Bring your own laptop or use our loaner machine – either way you will be in an environment where you can be the forensic examiner, working a real-life historical major case. We intend to test all aspects of your forensic abilities, including log analysis, image extraction, logical reasoning, investigative sense, and anti-forensic detection skills, to name a few.

In addition to the forensics and ANTI-forensic contest above, there will be two talks on wildly different but relevant forensic topics.

We’ll be there for both days: stop by for a little, stay the whole time, or just come over and hang out. This is an opportunity to bring your forensic questions and get them answered from a professional perspective. New to forensics? No problem, we’ll help you get started – we were new once too!